Filtered by vendor Advantech
Subscribe
Total
378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3323 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 7.5 HIGH |
| An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | |||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 9.8 CRITICAL |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-2142 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 8.1 HIGH |
| The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2139 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 6.5 MEDIUM |
| The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | |||||
| CVE-2022-2138 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 8.2 HIGH |
| The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | |||||
| CVE-2022-2137 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 4.9 MEDIUM |
| The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | |||||
| CVE-2022-2136 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 8.8 HIGH |
| The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2135 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 7.5 HIGH |
| The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | |||||
| CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | |||||
| CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2026-06-17 | 4.3 MEDIUM | 5.4 MEDIUM |
| This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | |||||
| CVE-2021-40397 | 1 Advantech | 1 Wise-paas\/ota | 2026-06-17 | 9.3 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40396 | 1 Advantech | 1 Deviceon\/iservice | 2026-06-17 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2026-06-17 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2026-06-17 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-38431 | 1 Advantech | 1 Webaccess Scada | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | |||||
| CVE-2021-38408 | 1 Advantech | 1 Webaccess | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2021-38389 | 1 Advantech | 1 Webaccess | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | |||||
| CVE-2021-33023 | 1 Advantech | 1 Webaccess | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | |||||